I have many servlets in my application. I use container-based authentication; e.g. the container intercepts to verify the user's membership as soon as the LOGON button is clicked and the user submits his/her name and password. After container has done its job, normal logical flow resumes. I want to check whether user is logged in and wheter a session object exists already when each servlet is called. I do not think that I can use isUserInRole() because there are four different roles. My concern is what I store in a session could be overwritten if the user has more than one browser window open. How do I handle the situation?